Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23278
HistoryFeb 25, 2010 - 12:00 a.m.

jQuery Validate 1.6.0 Demo Code Advisory

2010-02-2500:00:00
vulners.com
27
JSON

±---------------------------------------------+
ADVISORY – jQuery Validate 1.6.0 Demo Code

AFFECTED PACKAGES
> jQuery Validate 1.6.0
> SilverStripe 2.3.X to 2.3.5

Discovered By CodeScan.com
±---------------------------------------------+

Vendor's Website:
http://bassistance.de/jquery-plugins/jquery-plugin-validation/

CodeScan Labs (www.codescan.com), has recently
released a new source code scanning tool,
CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code
for security vulnerabilities. CodeScan utilises
an intelligent source code parsing engine,
traversing execution paths and tracking the flow
of user supplied input.

During the ongoing testing of CodeScan PHP, the
jQuery.Validate demonstration code was discovered
within another project.

<<< CROSS SITE SCRIPTING THROUGH ECHO >>>

XSS in [form.php], folder [demo].
(Full Path:

$user = $_REQUEST['user'];
$pw = $_REQUEST['password'];
if($user && $pw && $pw == "foobar")
echo "Hi $user, welcome back."

<<< PROOF OF CONCEPT >>>

http://[host]/validate/demo/form.php?user=%3Cscript%3Ealert%28%27Proof%20of%20Concept%27%29;%3C/script%3E&password=foobar

<<< YES, WE REALISE THIS IS DEMO CODE >>>

A simple Google search unearthed a number of
results for the existence of this plugin/demo
within SVN repositories, as well as on live web
servers. Demo or not, it has been included in
distributions (Such as SilverStripe) – and has
been deployed in live environments.

<<< RESPONSIBLE DISCLOSURE >>>

We have attempted to make contact with the
author of this plugin, to no avail.

We successfully made contact with the
SilverStripe team who promptly tidied up.
Quick response, well done.

<<< EXPLICIT RECCOMENDATIONS >>>

SilverStripe Users: Upgrade to the latest
version of SilverStripe (2.3.6 at time of
writing), and ensure the file is deleted.

Other Users: Chances are you do not need
this file in your project, so delete the
[form.php] file. Otherwise, ensure proper
Sanitization.

<<< CLOSING NOTES >>>

You may be able to write secure code, but the
code you get from third parties can put you at
risk. Always review the code of third parties
(including/especially plug ins) – not doing so
puts you at unnecessary risk.

This message has been scanned for viruses and

dangerous content by Bizo EmailFilter, and is

believed to be clean.

JSON